DETAILED ACTION

1. This action is responsive to communications: application, filed 9/22/2003;
amendment filed 4/7/2008. 

2. Claims 1-86 are pending in the case. 

Information Disclosure Statement 

3. The information disclosure statement (IDS) submitted on 4/8/2008 has been 
considered by the examiner. See attached form PTO-1449. 

Response to Arguments 

4.1. Double Patenting Rejection: 

With regards to Double Patenting rejection, applicant argues that the 719 application
(application number 10/243,355) has been abandoned, and therefore it cannot be used
as grounds for Double Patenting rejection. The argument is found persuasive; however,
a double patenting rejection based on another application is outlined in the next section.

4.2 Prior Art Rejections:

Applicant's argument relative to rejection of claims 1, 10, 19 and 28 under section
102(e) is moot in view of the new grounds of rejection outlined in the next section.

With regards to claims 2, 11, 20 and 30 applicant states that the rejection failed to
consider the claim as a whole. However, applicant does not point out or discuss any
part of the whole claim that has allegedly not been considered, or how the rejection fails to
address all claim limitations as a whole.

Applicants also state that Muntz taught that such pools are unnecessary, but fails to 
identify any part of Muntz in support of their statement. 

Applicant's argument relative to claims 3, 4, 12, 13, 21, 22, 31, 32, 5, 14, 23, 29, is based
on the dependency of the claims on claims 1, 2, 10, 11, 19, 20, 29, or 30.

With respect to claims 6 to 9, 15 to 18, 24 to 27, applicant simply states that the
rejection is not related to the claims, or argues that the rejection does not consider the
claim as a whole, without specifically discussing why the rejection is unrelated, or which
part of the whole claim is not considered.

With respect to claims 7 to 9, 15 to 18, 24 to 27, applicant argues again that the claim
as a whole is not considered, without discussing any part of the whole claim that has not
been considered.

With respect to claims 33, 50, 67 and 84, applicant argues that there has been no
teaching cited of delivery parameters as recited in these claims, a target ID, or the 
specific limitations recited in the claims. However, in addition to the associated 
rejections, pages 7-9 of the Final rejection explain how the rejection addresses all 
required limitations of the mentioned claims. 

Applicant further argues that the specific limitations on how the target key and the first 
key are obtained are not disclosed. However, the specific limitations mentioned by the 
applicant are determining the target key based on a target ID identifying the target 
device, or applying a cryptographic process to a first key and the content request to get 
the session key. Therefore, the cited limitations refer to creating a session key based on 
a combination of other keys (parameters) using a cryptographic process. Examiner has 
taken the official notice that this process is well-known to the one skilled in art. In other 
words combination of several parameters associated with the elements of an 
authentication process, such as the identification of the target system or the received 
request, was broadly used and practiced before the time of invention. As an example, 
see section page 175 of the text book "Applied Cryptography" by B. Schneier, a copy of 
which was included with the Final Office Action. Therefore, barring any expressed 
unexpected results from the particular selection of parameters or the process of
combination, it would have been obvious to the one skilled in art to provide the session 
key as identified by limitations of claim 33. 

With regards to claims 34-49, 51-66, 68-83, 85 and 86, applicant once again argues
that the rejection failed to consider the claim as a whole. However, applicant fails to
discuss which part of the whole claim has not been considered, or how the rejection fails
to address all claim limitations as a whole.

With regards to claim 41, applicant cites a portion of the claim and simply states that 
rejection relies on generalities to reject the specific claim limitations. However, the 
associated rejection explains how the prior art teaches all claimed limitations. Applicant 
does not discuss how the rejection fails to teach all claim limitations. 

Based on the discussion above, applicant's argument is found non-persuasive. The next
section outlines the currently applicable rejections. 

Double Patenting 

5.1. The nonstatutory double patenting rejection is based on a judicially created
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the
unjustified or improper timewise extension of the "right to exclude" granted by a patent
and to prevent possible harassment by multiple assignees. See, In re Goodman, 11
F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ
645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In
re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d
528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be
used to overcome an actual or provisional rejection based on a nonstatutory double
patenting ground provided the conflicting application or patent is shown to be commonly
owned with this application. See 37 CFR 1.130(b).

Effective January 1, 1994, a registered attorney or agent of record may sign a
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with
37 CFR 3.73(b).

5.2. Claims 1-4, 10-13, 19-22, 28, and 30-32 are provisionally rejected under the
judicially created doctrine of obviousness-type double patenting as being unpatentable
over claims 1, 2, 3, and 43 of Application No. 10/243,858 (de Jong et al.), hereinafter
called '858. Although the conflicting claims are not identical, they are not patentably
distinct from each other because de Jong discloses:

de Jong claim 1: A system for digital content access control, comprising: a first user
device configured to: receive an authenticated digital content request in response to
sending a digital content request comprising a request for digital content wherein said
authenticated digital content request includes said request for digital content; and send
said authenticated digital content request;

a content provisioner configured to send said authenticated digital content request to 
said first user device, wherein said content provisioner, following receipt of said digital 
content request, creates said authenticated digital content request when a user 
associated with said digital content request is authorized to access and use said digital 
content; 

a content repository configured to send said digital content to a second user device, 
following receipt of said authenticated digital content request, when said authenticated 
digital content request is associated with said digital content; and a synchronizer, 
coupled to said content provisioner and to said content repository, configured to: 
determine a synchronization event for synchronization of information used by said 
content provisioner to create said authenticated digital content request with information 
used by said content repository to validate said authenticated digital content request; 
and send said synchronized information to at least one of said content provisioner and 
said content repository in response to said synchronization event. 

de Jong claim 2: The system of claim 1 wherein said second user device and said first
user device are a same user device.

de Jong claim 3: The system of claim 1 wherein said digital content request comprises a
Universal Resource Locator (URL); and said authenticated digital content request
comprises a tokenized URL.

de Jong claim 43: A system for digital content access control, comprising:

a token issuer configured to: receive a digital content request comprising a request for
digital content; and issue a token from a token pool associated with said digital content
when a user associated with said digital content request is authorized to access and
use said digital content; a token acceptor configured to validate said token based at
least in part on whether said token is associated with said digital content; and

a synchronizer configured to: determine a synchronization event for synchronization of
token pool information used by said token issuer and said token acceptor; and
send said synchronized information to at least one of said token issuer and said token
acceptor in response to said synchronization event.

Claims 1, 10, 19, and 28 of the instant application are obvious over claims 1 and 2 
above, as they produce a method for digital content access control, comprising: 
receiving by a content provisioner a digital content request from an end-user device, 
comprising a request for digital content (the second paragraph of '858 shows the 
content provisioner sends the authenticated content request to the first user (end-user). 
The first paragraph shows that the authenticated content request was received by the 
first user in response to a request sent by the first user. Therefore, the content 
provisioner received a request for content from the first user); creating, by said content
provisioner following said receiving, an authenticated digital content request if an end-
user associated with said digital content request is authorized to access said digital
content ('858 claim 1, paragraph 2); determining, by said content provisioner following
said receiving and in said creating, one or more delivery parameters, said one or more 
delivery parameters identifying a target device to receive said digital content, wherein 
one or more parameters is used to determine the target device ('858 claim 1 paragraph 
3 shows that the content provisioner sends the content to a second user device 
following the receipt of the authenticated request. Therefore, the authenticated request 
identifies the second user. Note that per '858 claim 2 the second and the first users are 
the same. Also note that, as shown in paragraph 2, the authenticated request includes 
the request sent by the first user, and the first user was authenticated to make sure it is 
entitled to receive the content. Therefore, the request sent by the first user identifies the 
first user as the one entitled to receive the content. Note also that the first user sends 
the authenticated request to the repository. Therefore, it is based on the request that it 
is determined where the content should be sent. In addition, the content repository 
prepares an authenticated request for delivery of the content. It would have been 
obvious to include the target identity by the content provisioning device, as the purpose 
of the content provisioning device is to control the access to content. Identifying the 
target that should receive the content is the most essential function of access control); 
and sending, by said content provisioner to said end-user device, said authenticated
digital content request including said one or more delivery parameters ('858 claim 1,
paragraphs 1 and 2).

Claims 2, 3, 11, 12, 20-21, 30-31 of the instant application are obvious over claims 1, 2,
3 and 43 above, as they produce limitations of claim 1 and wherein said digital content
request comprises a Universal Resource Locator (URL); said authenticated digital 
content request comprises a tokenized URL; and said creating further comprises: 
determining a token pool associated with said digital content; determining a token in 
said token pool; and creating a tokenized URL based at least in part on said token. 

Claims 4, 13, 22 and 32 of the instant application are obvious over claims 1, 2, 3 and 43 
above, as they produce limitations of claim 1 and wherein said token is from a token 
pool associated with the location of digital content for which access is authorized. 

5.3. This obviousness-type double patenting is a provisional rejection as the 
conflicting claims have been allowed but have not been patented at this time. 

Claim Rejections - 35 USC §112 

6. The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall
set forth the best mode contemplated by the inventor of carrying out his invention.

7. Claims 1, 10, 19 and 28 are rejected under 35 U.S.C. 112, first paragraph, as
failing to comply with the written description requirement. The claim(s) contains subject
matter which was not described in the specification in such a way as to reasonably
convey to one skilled in the relevant art that the inventor(s), at the time the application
was filed, had possession of the claimed invention. All claims are amended to include
an end-user and an end-user device. The differences between an end-user and a user
are not described or identified in the Specification. It is not clear how an end-user further
limits the claims.



In addition, claims are amended to include "and in said creating". Applicant does not 
point out any portion of the Specification in support of this limitation, and it is not exactly 
clear how it further limits or changes the scope of the claims. 



Claim Rejections - 35 USC § 102 



8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

9. Claims 1, 10, 19 and 28 are rejected under 35 U.S.C. 102(e) as being anticipated by
Muntz et al. (US Patent Application Publication No. 2003/0208681, filed May 6, 2002).

9.1. As per claims 1, 10, 19 and 28 Muntz is directed to a method for digital content
access control, comprising: receiving, by a content provisioner, a digital content request
from an end-user device comprising a request for digital content (Fig. 5A and
associated text, and in particular paragraph 39. Note that per parag. 13, client 105 may
include computer or computer systems, and therefore client 105 is an end-user device);
creating, by the content provisioner following said receiving, an authenticated digital
content request (Fig. 3 and associated text describes creation of a block list and a token
identifying the resource to be accessed, the operations that could be performed on the
resource and the user credentials. Note that as shown in paragraph 39, the generation
of token and block list happens after a request is received) if an end-user associated
with said digital content request is authorized to access said digital content (for
example, paragraph 31, which shows the authentication is made using user credentials,
and the user is associated with its client device); determining, by said content
provisioner following said receiving and in creating (Muntz client 105 is the target device 
(which receives the data and credentials) and the Administrative Server 104 (part of 
which is the Metadata Server 214) is the Content Provisioner. Per paragraph 19, 
metadata server sends the block list and the validation mechanism to the client 105. As 
indicated in Fig. 1 and paragraphs 12-14, client 105 and the metadata server are 
connected via network. To communicate via network, the metadata server is required to 
identify the client as recipient of data, otherwise a network connection to transmit data
cannot be established. In addition, per paragraph 32, the client 105 and Metadata 
server authenticate each other. This explicitly shows that the Metadata server identifies 
the client 105), one or more delivery parameters, said one or more delivery parameters 
identifying a target device to receive said digital content (the block list and the token 
determine access parameters and credentials of the user and the client device. In 
addition, paragraph 28 shows that the Block server authenticates the client using the 
token (which is part of authenticated request). Therefore, the authenticated request 
must contain an identifier of the client device); wherein said one or more delivery 
parameters is used to determine said target device (as mentioned above, the content 
provisioner determines delivery parameters which identify the target. Therefore, the 
delivery parameters are used to identify the target. In addition, per paragraph 32, the 
token includes credentials, such as operation type(s) authorized for the client. The token 
is generated by the metadata server. If the token identifies the operations allowed by 
the client, it must also identify the client, and is used to identify the client. Note that per 
parag. 13, client 105 may include computer or computer systems); and sending, by said 
content provisioner to said end-user device, said authenticated digital content request 
including said one or more delivery parameters (paragraph 19, where the block list and 
validation mechanism is returned to the client). 



Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

11. Claims 2-9, 11-18, 20-27 and 29-86 are rejected under 35 U.S.C. 103(a) as
being unpatentable over Muntz et al. (US Patent Application Publication No. 
2003/0208681, filed May 6, 2002) in view of Official Notice. 

11.1. As per claim 2, Muntz is directed to the method of claim 1 wherein said digital 
content request comprises a Universal Resource Locator (URL); said authenticated 
digital content request comprises a tokenized URL; and said creating further comprises: 
determining a token pool associated with said digital content; determining a token in 
said token pool; and creating a tokenized URL based at least in part on said token 
(Muntz teaches identification of the resource to be accessed using a token and a block 
list as identified in rejection of claim 1. Examiner takes the official notice that a common
and widely practiced mechanism to identify a resource and credentials needed to access
the resource is using URLs and tokenized URLs. It would have been obvious to a 
person skilled in art to use a tokenized URL as a mechanism to implement Muntz block 
list and token). 

11.2. As per claim 3, Muntz is directed to the method of claim 2 wherein said tokenized
URL further comprises a cryptogram based at least in part on an identifier that
describes the location of said digital content (Muntz teaches creating an encryption of the
token and the block list in paragraph 39. Note that the token and/or the block list include 
information that identifies the resource, and therefore once encrypted, creates a 
cryptogram based on characteristics of the resource). 

11.3. As per claim 4, Muntz is directed to the method of claim 2 wherein said token is
from a token pool associated with the location of digital content for which access is 
authorized (generation or selection of tokens from a token pool to identify and describe 
the resource to be accessed was well-known at the time of invention). 

11.4. As per claim 5, Muntz is directed to the method of claim 1, further comprising
synchronizing with said content repository if synchronization is enabled (paragraph 23 
teaches synchronization with the resource storage during authorization process). 

11.5. As per claim 6, Muntz is directed to the method of claim 1 wherein said one or
more delivery parameters comprises a serial number uniquely identifying said target 
device (paragraph 23 shows the credentials of the user and the client device are part of 
the authorization combination). 

11.6. As per claims 7, 8 and 9, Muntz is directed to the method of claim 1, which
describes a method for access control to digital data and determining whether the client
is authorized to access data. After the access authorization is determined, the next step
is secure delivery of digital content. Examiner takes the official notice that use of a token
to specify and communicate the parameters associated with the content delivery
encryption protocol, such as the cryptographic process and methods to derive keys for
encryption and decryption was well-known at the time of invention.

11.7. Limitations of claims 11-32 are substantially the same as limitations of claims 1-9
above.

11.8. As per claim 33, Muntz is directed to a method for digital content access control,
comprising: receiving, by a content repository, an authenticated digital content request
including one or more delivery parameters (Fig. 3 item 216 and Fig. 5B and associated
text shows reception of an authenticated digital content request by a block server),
wherein said one or more delivery parameters is used to determine the target device
(see claim 1) said authenticated digital content request based at least in part on a digital
content request comprising a request for digital content (see response to claim 1);
validating, by said content repository, said authenticated digital content request, said
validating comprising indicating said authenticated digital content request is valid if said
authenticated digital content request is validly associated with said digital content and if
said authenticated digital content request authenticates said digital content request
(paragraphs 27-29); determining, by said content repository, a session key if said
authenticated digital content request is valid (paragraph 28), said determining
comprising: determining a target key based at least in part on a target ID obtained using



Application/Control Number: 10/669,160 Page 17 

Art Unit: 2139 

said one or more delivery parameters, said target ID identifying a target device; and 
applying a cryptographic process to a first key based at least in part on at least part of 
said authenticated digital content request together with said target key to create said 
session key; encrypting said digital content using said session key; and sending said 
encrypted digital content (as mentioned in response to claim 1, creation of a session
key to encrypt the digital content for secure delivery to a target device was well-known 
and commonly used at the time of invention). 

11.9. As per claim 34, creation of the session key based on another master key and
parameters identified in a token were well-known at the time of invention. 

11.10. Limitations of claims 35-41 are substantially the same as limitations of claims 1-9
and 33-35 above. 

11.11. As per claims 42-45, Muntz is directed to the method of claim 33 wherein said
validating further comprises: receiving a token; indicating said token is invalid if said
token is not associated with a partially redeemed or unredeemed offset within a token
offset window, said token offset window comprising one or more offset entries identified 
by a base number and an offset from said base number, said one or more offset entries 
associated with a token in a token pool formed by applying a cryptographic process to 
the sum of said base number and said offset from said base number, together with a 
token chain key, said token pool associated with said digital content; and updating the 
offset entry associated with said token and indicating said received token is valid if said
token is associated with a partially redeemed offset or unredeemed offset within said 
token offset window (Muntz is directed to limitations of claim 33 as discussed above. 
The additional limitations are directed to a method of checking the validity of a token 
selected from a token pool, wherein the token pool is associated with a digital content 
for controlling user access. Examiner takes the official notice that this method was well 
known in the art at the time of invention, and it would have been obvious to the person 
skilled in art to use the method to control and limit user access to digital data). 

11.12. Limitations of claims 46-86 are substantially the same as limitations of claims
1-45 above.

Conclusion 

12. Applicant's amendment necessitated the new ground(s) of rejection presented in
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37
CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

13. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Farid Homayounmehr whose telephone number is (571) 
272-3739. The examiner can be normally reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 

Farid Homayounmehr 
7/17/2008 

/Kristine Kincaid/

Supervisory Patent Examiner, Art Unit 2139 



